CN101872338B - Method for obtaining safe information abstract in authentication header - Google Patents

Method for obtaining safe information abstract in authentication header Download PDF

Info

Publication number
CN101872338B
CN101872338B CN2010101931163A CN201010193116A CN101872338B CN 101872338 B CN101872338 B CN 101872338B CN 2010101931163 A CN2010101931163 A CN 2010101931163A CN 201010193116 A CN201010193116 A CN 201010193116A CN 101872338 B CN101872338 B CN 101872338B
Authority
CN
China
Prior art keywords
message
eap
grouping
message digest
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2010101931163A
Other languages
Chinese (zh)
Other versions
CN101872338A (en
Inventor
吴卿
张奇锋
倪永军
周兴武
金恭华
赵俊杰
郁伟炜
吴鹏
曾虹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dianzi University
Original Assignee
Hangzhou Dianzi University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dianzi University filed Critical Hangzhou Dianzi University
Priority to CN2010101931163A priority Critical patent/CN101872338B/en
Publication of CN101872338A publication Critical patent/CN101872338A/en
Application granted granted Critical
Publication of CN101872338B publication Critical patent/CN101872338B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a modified SHA-1 hash algorithm. The existing SHA-1 harsh algorithm has low security. The invention firstly adds a 1, a plurality of 0 and a 64-bit binary string after the information to be processed, then enlarges and groups the information, so the original 512-bit group is changed into a 1024-bit group and a register value is initialized; then a main cycle is utilized to sequentially process each group, the main cycle totally has four operations, and each operation contains logical function and compression function processing; and finally, after the processing of all the groups is completed, 160-bit message digest is output, and when the message digest is transferred, the message to be transferred is added with a safety hashed value. Through the algorithm of the invention, the original SHA-1 algorithm has more safety on message processing, and through modifying the logical function expression and the compression function logical structure of the algorithm, the efficiency of the SHA-1 algorithm is improved.

Description

Obtain the method for secure message digest in a kind of authentication protocol
Technical field
The invention belongs to the network security technology field, be specifically related to obtain in a kind of authentication protocol the method for secure message digest.
Background technology
Digital signature is a kind of important information security technology; It is widely used in network information exchange field; And in the numerous digital signature technology of kind, can use one type of special mathematical algorithm---hash algorithm usually, it occupies in digital signature technology and consequence.At present common hash algorithm has MD5, SHA-1 and RIPEMD-160, domesticly tends to use MD5 and SHA-1.Just when coming to see that SHA-1 is because the advantage of its security intensity and operation efficiency aspect has become most popular algorithm.
The SHA-1 algorithm is by USA National Institute of Standard and Technology and the design of American National security bureau, and is adopted by U.S. government, becomes American National Standard.SHA-1 can be no more than 2 to length 64The message of bit is calculated, and the eap-message digest that produces 160 bits is as output.The treatment scheme of this algorithm is divided into 5 steps:
1) pending message add at the back one 1 with several 0 (at least 1, maximum 512), the result that the length of message is become 512 complementations is 448;
2) add the binary string of one 64 bit again in the message that newly obtains back, its value be the original length of message, and the length of message is 512 multiple at this moment;
3) initialization buffer memory, the buffer memory here are the variable of 5 32 bits;
4) utilize the each grouping of handling one 512 bit of major cycle.Major cycle has 4 and takes turns, and whenever takes turns 20 operations, and 4 circulations have similar structure, but recycle different basic logic functions at every turn, are called f 1, f 2, f 3, f 4
5) eap-message digest of output 160 bits is as operation result.
Learn the latest developments of studying with regard to Current Password, the security of MD5 is under suspicion, and the security intensity of RIPEMD-160 is the highest.But RIPEMD-160 is owing to adopt two loop bodies, and five take turns module compression function logical organization, though strengthened security, arithmetic speed are greatly reduced.Comparatively speaking, SHA-1 is present safe and reliable algorithm, and the 160bit hashed value of its production has much higher security intensity compared with the 128bit hashed value of MD5.If the enforcement birthday attack is as long as carry out 2 to MD5 64Computing, and will carry out 2 to SHA-1 80Inferior computing.For exhaustive attack, the operation times of MD5 and SHA-1 is respectively 2 128With 2 160With regard to arithmetic speed, MD5 is fast slightly, and SHA-1 is more or less the same with it.In addition, though the security of SHA-1 is also constantly being received challenge at present, crack the huge operand that changes algorithm is nonsensical for present level of hardware.Therefore, SHA-1 remains safe at present and from now on several years.But these challenges exist after all, and therefore, we are necessary to improve changing algorithm, make it have better availability.
Summary of the invention
The present invention is directed to the deficiency of prior art, proposed to obtain in a kind of authentication protocol the method for secure message digest.
The present invention solves the key point that its technical matters adopts: from the angle of security and operation efficiency, a good hash algorithm should possess following characteristic: 1) message to random length can calculate a fixed length and unique eap-message digest; 2) can not instead release the message that produces this summary by a known summary; 3) will find two different messages with identical summary is infeasible on calculating, although exist in theory; 4) weak conflict can be resisted, also strong conflict can be resisted; 5) has arithmetic speed faster.To these characteristics, the present invention will improve SHA-1 from the account form of block length, hashed value, expression formula and four aspects of compression function logical organization of logical function.
The concrete steps that the present invention taked are:
Step (1) pending message add at the back one 1 with several 0 (at least 1, maximum 512), the result that the length of message is become 512 complementations is 448;
Step (2) is added the binary string of one 64 bit at the back in the message that newly obtains; The value of binary string is the original length of message; The length of message is 512 multiple at this moment; Then this message is enlarged grouping, make the grouping of original 512bit become the grouping of 1024bit, the grouping of new 1024bit is formed in the grouping of promptly adjacent 512bit.
Step (3) initialization register values, described register values is the variable of 5 32 bits, comprises variables A, variable B, variable C, variables D, variable E; The initialization value of each variable is:
A=0x67452301 B=0xEFCDAB89
C=0x98BADCFE D=0x10325476
E=0xC3D2E1F0
Step (4) utilizes major cycle to handle each grouping successively.Described major cycle has the four-wheel computing, and first round computing has 20 operations, is operating as at every turn:
A=B+C
B=C+D
C=D+E
D=E+A
E=A+B
f 1=(B?AND?C)OR(NOT?B?AND?D)
A,B,C,D,E<-(E+f 1+S 5(A)+W t+K t),A,S 30(B),C,D
Second takes turns computing has 20 operations, is operating as at every turn:
A=B+C
B=C+D
C=D+E
D=E+A
E=A+B
f 2=B?XOR?C?XOR?D
A,B,C,D,E<-(E+f 2+S 5(A)+W t+K t),A,S 30(B),C,D
The third round computing has 20 operations, is operating as at every turn:
A=B+C
B=C+D
C=D+E
D=E+A
E=A+B
f 3=(B?AND?C)OR(B?AND?D)OR(C?AND?D)
A,B,C,D,E<-(E+f 3+S 5(A)+W t+K t),A,S 30(B),C,D
The four-wheel computing has 20 operations, is operating as at every turn:
A=B+C
B=C+D
C=D+E
D=E+A
E=A+B
f 4=(B?AND?NOT?C)XOR?D
A,B,C,D,E<-(E+f 4+S 5(A)+W t+K t),A,S 30(B),C,D
Wherein B, C and D all represent register values, and AND representes and computing that OR representes exclusive disjunction, and NOT representes inverse, and XOR representes XOR, W tRepresent 32 pending words in t the grouping, "+" expression mod2 32Addition, "<-" the expression assignment operation, S k(A) expression variables A ring shift left k position, K tRepresent a constant that is used for addition, the value in the four-wheel circulation is all different.
After all packet transaction of step (5) finish, export 160 eap-message digest, when message transfer is made a summary, add secure hash value for eap-message digest waiting for transmission.
The method of described interpolation secure hash value is:
The work of transmit leg:
(1) produces the eap-message digest M that will send;
(2) sequence number or the timestamp according to this eap-message digest M produces random packet S i
(3) with S iOther position of adding eap-message digest M afterbody to or arranging is in advance calculated hashed value H (M, S to the message of having added random packet with hash function i);
(4) with eap-message digest M and hashed value H (M, S i) together send.
Take over party's work:
(1) from the message that receives, isolates eap-message digest M and hashed value H (M, S i);
(2) produce random packet S according to sequence number or timestamp i';
(3) with S i' add other position of eap-message digest afterbody or prior agreement to, the message of having added random packet is calculated hashed value H ' (M, S i');
(4) with H ' (M, S i') with the hashed value H (M, the S that receive i) compare, show that then message is not modified if equate.
Through the inventive method, can make original SHA-1 algorithm in processing, have higher security, and pass through the expression formula and the compression function logical organization of the logical function of this algorithm of improvement message, improved the efficient of SHA-1 algorithm.
Embodiment
Obtain the method for secure message digest in a kind of authentication protocol, comprise the steps:
Step (1) pending message add at the back one 1 with several 0 (at least 1, maximum 512), the result that the length of message is become 512 complementations is 448;
Step (2) is added the binary string of one 64 bit at the back in the message that newly obtains; The value of binary string is the original length of message; The length of message is 512 multiple at this moment; Then this message is enlarged grouping, make the grouping of original 512bit become the grouping of 1024bit, the grouping of new 1024bit is formed in the grouping of promptly adjacent 512bit.
In the SHA-1 algorithm with length less than 2 64Message gather the grouping that is divided into a plurality of 512bit behind the position, handle a grouping at every turn.Algorithm is 16 32bit words with original 512bit at first, is extended for 80 32bit words by certain rule, is used for satisfying four circulation modules of overall logic structural design, the needs of 20 operations of each module (amounting to the operation of 80 steps).Here use W tRepresent 32 pending words in t the grouping, then in this 80 step logical function operation operation, each step is handled a W t, handle 80 W altogether tThis way means a packets inner that is expanded into 80 32bit words has introduced a large amount of redundancies with relevant, and this also is in order to increase the security of algorithm certainly.Thus, it is contemplated that, for the big long message of data volume, if with block length by i.e. 16 the 32bit words of the 512bit of original regulation, expansion is twice, and changes i.e. 32 the 32bit words of 1024bit into, still presses SHA-1 algorithm word W then tExpand algorithm and be extended for 80 32bit word W t, packets inner has been introduced a lot of redundancies equally with relevant like this, and the arithmetic speed of algorithm but thereby improve the unlikely again security that influences algorithm.
Step (3) initialization register values, described register values is the variable of 5 32 bits, comprises variables A, variable B, variable C, variables D, variable E; The initialization value of each variable is:
A=0x67452301 B=0xEFCDAB89
C=0x98BADCFE D=0x10325476
E=0xC3D2E1F0
Step (4) utilizes major cycle to handle each grouping successively.Described major cycle has the four-wheel computing, and first round computing has 20 operations, is operating as at every turn:
A=B+C
B=C+D
C=D+E
D=E+A
E=A+B
f 1=(B?AND?C)OR(NOT?B?AND?D)
A,B,C,D,E<-(E+f 1+S 5(A)+W t+K t),A,S 30(B),C,D
Second takes turns computing has 20 operations, is operating as at every turn:
A=B+C
B=C+D
C=D+E
D=E+A
E=A+B
f 2=B?XOR?C?XOR?D
A,B,C,D,E<-(E+f 2+S 5(A)+W t+K t),A,S 30(B),C,D
The third round computing has 20 operations, is operating as at every turn:
A=B+C
B=C+D
C=D+E
D=E+A
E=A+B
f 3=(B?AND?C)OR(B?AND?D)OR(C?AND?D)
A,B,C,D,E<-(E+f 3+S 5(A)+W t+K t),A,S 30(B),C,D
The four-wheel computing has 20 operations, is operating as at every turn:
A=B+C
B=C+D
C=D+E
D=E+A
E=A+B
f 4=(B?AND?NOT?C)XOR?D
A,B,C,D,E<-(E+f 4+S 5(A)+W t+K t),A,S 30(B),C,D
Wherein B, C and D all represent register values, and AND representes and computing that OR representes exclusive disjunction, and NOT representes inverse, and XOR representes XOR, W tRepresent 32 pending words in t the grouping, "+" expression mod2 32Addition, "<-" the expression assignment operation, S k(A) expression variables A ring shift left k position, K tRepresent a constant that is used for addition, the value in the four-wheel circulation is all different.
Before not improving, major cycle has the four-wheel computing equally, and the logical function in every the wheel is respectively:
f 1=(B?AND?C)OR(NOT?BAND?D)
f 2=B?XOR?C?XOR?D
f 3=(B?AND?C)OR(B?AND?D)OR(C?AND?D)
f 4=B?XOR?C?XOR?D
In above-mentioned four functions because f 2=f 4So SHA-1 has in fact only used three logical functions; Thereby in fact only be equivalent to circulation module (the constant value K only of three-wheel tDifferent.)。Such words will certainly bring certain risk to defensive attack along with the attack technology means is constantly perfect.Among the present invention with f 4Function expression change (B AND NOT C) XOR D function expression into.Like this improve seldom,, but improved security simultaneously relatively the almost not influence of its arithmetic speed.Four logical function expression formulas after the improvement are as shown in table 1, and its truth table is as shown in table 2.
Logical function expression formula after table 1 improves
The wheel number Logical function Function expression
The first round (0<=t<=19) f 1(B,C,D) ?(B?AND?C)OR(NOT?B?AND?D)
Second takes turns (20<=t<=39) f 2(B,C,D) ?B?XOR?C?XOR?D
Third round (40<=t<=59) f 3(B,C,D) ?(B?AND?C)OR(B?AND?D)OR(C?AND?D)
Four-wheel (60<=t<=79) f 4(B,C,D) ?(B?AND?NOT?C)XOR?D
Table 2 improves back algorithm logic function truth table
Figure GSB00000835370300061
After all packet transaction of step (5) finish, export 160 eap-message digest, when message transfer is made a summary, add secure hash value for eap-message digest waiting for transmission.Because hashing algorithm is disclosed, malicious node may be intercepted and captured the message that is in the transmission course, revises message content, recomputates hashed value then and replaces original hashed value, and the integrality of message is destroyed.For this reason, when calculating hashed value, take in message, to increase the method that a 512bit at random divides into groups, thereby increase safety coefficient.The content of this random packet can be certain conversion of the sequence number or the timestamp (is unit with the microsecond) of message, for example the 5+2n position is moved in the value left side circulation of sequence number or timestamp; This random packet can be added the back of former message to, also can be inserted into the optional position of former message.About the content and the insertion position of random packet, communicating pair is preferably shared the rule base of a secret in advance.
The method of adding secure hash value is:
The work of transmit leg:
(1) produces the eap-message digest M that will send;
(2) sequence number or the timestamp according to this eap-message digest M produces random packet S i
(3) with S iOther position of adding eap-message digest M afterbody to or arranging is in advance calculated hashed value H (M, S to the message of having added random packet with hash function i);
(4) with eap-message digest M and hashed value H (M, S i) together send.
Take over party's work:
(1) from the message that receives, isolates eap-message digest M and hashed value H (M, S i);
(2) produce random packet S according to sequence number or timestamp i';
(3) with S i' add other position of eap-message digest afterbody or prior agreement to, the message of having added random packet is calculated hashed value H ' (M, S i');
(4) with H ' (M, S i') with the hashed value H (M, the S that receive i) compare, show that then message is not modified if equate.
Because secret rule base, random packet S iContent and insertion position and reduction formula all do not have to send, so the assailant can't calculate correct hashed value according to the message of intercepting and capturing, also just be difficult to carry out attack.
It is thus clear that the hashed value that calculates as stated above not only can guarantee the integrality of message effectively, can also play the effect of sequence number or timestamp.

Claims (1)

1. obtain the method for secure message digest in the authentication protocol, it is characterized in that this method comprises the steps:
Step (1) pending message add at the back one 1 with N 0, the result that the length of message is become 512 complementations is 448,512 >=N >=1;
Step (2) is added the binary string of one 64 bit at the back in the message that newly obtains; The value of binary string is the original length of message; Then this message is enlarged grouping; Make the grouping of original 512bit become the grouping of 1024bit, the grouping of new 1024bit is formed in the grouping of promptly adjacent 512bit;
Step (3) initialization register values, described register values is the variable of 5 32 bits, comprises variables A, variable B, variable C, variables D, variable E;
Step (4) utilizes major cycle to handle each grouping successively, and described major cycle has the four-wheel computing, and first round computing has 20 operations, is operating as at every turn:
A=B+C
B=C+D
C=D+E
D=E+A
E=A+B
f 1=(B?AND?C)OR(NOT?B?AND?D)
A,B,C,D,E<-(E+f 1+S 5(A)+W t+K t),A,S 30(B),C,D
Second takes turns computing has 20 operations, is operating as at every turn:
A=B+C
B=C+D
C=D+E
D=E+A
E=A+B
f 2=B?XOR?C?XOR?D
A,B,C,D,E<-(E+f 2+S 5(A)+W t+K t),A,S 30(B),C,D
The third round computing has 20 operations, is operating as at every turn:
A=B+C
B=C+D
C=D+E
D=E+A
E=A+B
f 3=(B?AND?C)OR(B?AND?D)OR(C?AND?D)
A,B,C,D,E<-(E+f 3+S 5(A)+W t+K t),A,S 30(B),C,D
The four-wheel computing has 20 operations, is operating as at every turn:
A=B+C
B=C+D
C=D+E
D=E+A
E=A+B
f 4=(B?AND?NOT?C)XOR?D
A,B,C,D,E<-(E+f 4+S 5(A)+W t+K t),A,S 30(B),C,D
Wherein B, C and D all represent register values, and AND representes and computing that OR representes exclusive disjunction, and NOT representes inverse, and XOR representes XOR, W tRepresent 32 pending words in t the grouping, "+" expression mod2 32Addition, "<-" the expression assignment operation, S k(A) expression variables A ring shift left k position, K tRepresent a constant that is used for addition, the value in the four-wheel circulation is all different;
After all packet transaction of step (5) finish, export 160 eap-message digest, when message transfer is made a summary, add secure hash value for eap-message digest waiting for transmission;
The method of described interpolation secure hash value is:
The work of transmit leg:
(1) produces the eap-message digest M that will send;
(2) sequence number or the timestamp according to this eap-message digest M produces random packet S i
(3) with S iOther position of adding eap-message digest M afterbody to or arranging is in advance calculated hashed value H (M, S to the message of having added random packet with hash function i);
(4) with eap-message digest M and hashed value H (M, S i) together send;
Take over party's work:
(1) from the message that receives, isolates eap-message digest M and hashed value H (M, S i);
(2) produce random packet S according to sequence number or timestamp i';
(3) with S i' add other position of eap-message digest afterbody or prior agreement to, the message of having added random packet is calculated hashed value H ' (M, S i');
(4) with H ' (M, S i') with the hashed value H (M, the S that receive i) compare, show that then message is not modified if equate.
CN2010101931163A 2010-06-04 2010-06-04 Method for obtaining safe information abstract in authentication header Expired - Fee Related CN101872338B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010101931163A CN101872338B (en) 2010-06-04 2010-06-04 Method for obtaining safe information abstract in authentication header

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010101931163A CN101872338B (en) 2010-06-04 2010-06-04 Method for obtaining safe information abstract in authentication header

Publications (2)

Publication Number Publication Date
CN101872338A CN101872338A (en) 2010-10-27
CN101872338B true CN101872338B (en) 2012-08-29

Family

ID=42997204

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010101931163A Expired - Fee Related CN101872338B (en) 2010-06-04 2010-06-04 Method for obtaining safe information abstract in authentication header

Country Status (1)

Country Link
CN (1) CN101872338B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013089682A1 (en) 2011-12-13 2013-06-20 Intel Corporation Method and apparatus to process keccak secure hashing algorithm
WO2013095503A1 (en) * 2011-12-22 2013-06-27 Intel Corporation Method and apparatus to process sha-1 secure hashing algorithm
CN102638344B (en) * 2012-03-20 2015-04-22 桂林电子科技大学 Method for constructing reinforced hash function based on compression function
JP6238774B2 (en) 2013-02-21 2017-11-29 キヤノン株式会社 Hash value generator
JP6113091B2 (en) 2013-03-07 2017-04-12 キヤノン株式会社 Hash value generator
CN107563223A (en) * 2017-09-12 2018-01-09 四川阵风科技有限公司 Information processing method, device and electronic equipment
CN110503434B (en) * 2019-07-15 2023-04-07 平安普惠企业管理有限公司 Data verification method, device, equipment and storage medium based on Hash algorithm
US11411743B2 (en) * 2019-10-01 2022-08-09 Tyson York Winarski Birthday attack prevention system based on multiple hash digests to avoid collisions

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101039180A (en) * 2007-05-09 2007-09-19 中兴通讯股份有限公司 Method and system for generating and transmitting key
CN101420304A (en) * 2008-11-25 2009-04-29 西安理工大学 Security protection method for electronic document digital signature based on discrete logarithm
WO2010004335A2 (en) * 2008-07-09 2010-01-14 The Queen's University Of Belfast Data security devices and methods

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101039180A (en) * 2007-05-09 2007-09-19 中兴通讯股份有限公司 Method and system for generating and transmitting key
WO2010004335A2 (en) * 2008-07-09 2010-01-14 The Queen's University Of Belfast Data security devices and methods
CN101420304A (en) * 2008-11-25 2009-04-29 西安理工大学 Security protection method for electronic document digital signature based on discrete logarithm

Also Published As

Publication number Publication date
CN101872338A (en) 2010-10-27

Similar Documents

Publication Publication Date Title
CN101872338B (en) Method for obtaining safe information abstract in authentication header
US7546461B2 (en) Strengthening secure hash functions
CN108880783B (en) Combined attack method aiming at SM4 algorithm
CN116321129B (en) Lightweight dynamic key-based power transaction private network communication encryption method
CN107070636B (en) White box software implementation method of quotient cipher SM4 algorithm in standard cipher text output format
CN107204841B (en) Method for realizing multiple S boxes of block cipher for resisting differential power attack
CN104113420A (en) Identity based aggregate signcryption method
CN114710261A (en) AES key arrangement method
Zamanov et al. ASIC-resistant hash functions
Wang et al. An attack on hash function HAVAL-128
Selvakumar et al. The evaluation report of sha-256 crypt analysis hash function
US9288041B2 (en) Apparatus and method for performing compression operation in hash algorithm
Wang et al. Security analysis of a one-way hash function based on spatiotemporal chaos
CN107769911B (en) Lightweight hash function construction method based on span structure
Al-Odat et al. An efficient lightweight cryptography hash function for big data and iot applications
US20160050073A1 (en) Robust mac aggregation with short mac tags
Saravanan et al. Theoretical survey on secure hash functions and issues
Purohit et al. Design and analysis of a new hash algorithm with key integration
Velioğlu et al. A New Approach to Cryptographic Hashing: Color Hidden Hash Algorithm
Madhuravani et al. Cryptographic hash functions: SHA family
Awlla et al. Secure device to device communication for 5G network based on improved AES
Elkamchouchi et al. A new Secure Hash Dynamic Structure Algorithm (SHDSA) for public key digital signature schemes
Nithya et al. Cryptographic Hash Algorithms Performance Finding using. Net Simulation
Su et al. Full-round differential attack on TWIS block cipher
Zhikai et al. Application research of WSN key distribution scheme based on SBH

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120829

Termination date: 20160604